ISO/IEC 27001 - Information security

Find out more about the international standard for information security here and what the benefits are for your organisation. Protect your business information from hackers with ISO/IEC 27001.

What is ISO/IEC 27001

Although sometimes referred to as ISO 27001, the official name for the international standard for information security management is ISO/IEC 27001.

ISO/IEC 27001 provides a framework for establishing, implementing, managing and continuously improving an "Information Security Management System" (ISMS). This management system is widely applicable and helps organisations of all sizes and industries protect sensitive information, such as financial data, intellectual property and other confidential data.

NBN EN ISO/IEC 27001:2023

Active

Information security, cybersecurity and privacy protection - Information security management system - Requirements

Buy Now

Benefits of ISO/IEC 27001

Better protection of critical data

By working with an information security management system, you protect your crucial data. This reduces the risk of misuse of your information and prevents it from being wrong or not available in time.

Improved internal processes

Written procedures and a clear division of roles help detect vulnerabilities systematically. ISO/IEC 27001 promotes awareness of information security risks and encourages the improvement of security measures.

Increased customer confidence

Customers are showing increasing interest in how you manage their data. By working with an information security management system, you put them at ease and they'll continue to work with your organisation. The same is true for your employees and partners.

Reduced financial risk

By failing to comply with relevant information security laws, you risk hefty fines. Also, loss of reputation and loss of customers can lead to serious financial damage.

Suited to your needs

Public sector? Private? Large or small? Every organisation, regardless of sector, can apply this standard in a way that meets their needs. Be sure to check out the complementary standard ISO/IEC 27009 for a sector-specific version.

In accordance with the GDPR

As an added bonus, ISO/IEC 27001 helps you comply with regulations such as the General Data Protection Regulation (GDPR), demonstrating operational excellence.

Show all benefits

Show less benefits

Yvan Baes

IT manager at NBN

Cybercriminals exploit both technical and human weaknesses. How best to protect yourself against their attacks? By applying a minimum of best practices. ISO/IEC 27001 defines the requirements for establishing, implementing, maintaining and continuously improving an information security management system for each organisation.

ISO/IEC 27001 certification

Do you want to have the correct implementation of standard ISO/IEC 27001 determined by an independent body? That's called certification. It's written proof that you meet all the requirements of the ISO/IEC 27001 standard.

Benefits of an ISO/IEC 27001 certificate

Consumers and partners today want assurances about the security of their data. A certificate inspires confidence and opens up new commercial opportunities.
Certification increases your chances for tenders, as governments and large corporations increasingly seek organisations with good information security.
Certification requires regular audits, keeping your goals and procedures up-to-date and continuously improving your information security.

Please note that although ISO and NBN facilitate the development of these standards, these organisations are not involved in their certification.

Do you want to find out more about certification, which institutions certify and how to prepare your organisation for certification? Learn more on our certification page or in our white paper on certification.

^{Download the certification white paper}

View the ISO 9001 training courses

Do you want to implement the ISO 9001 standard in your organisation, but aren't sure where to start?
NBN helps you on your way!

To all ISO 9001 training courses

View the ISO 14001 training courses

Do you want to implement the ISO 14001 standard in your organisation, but aren't sure where to start? NBN helps you on your way!

To all ISO 14001 training courses

View the ISO/IEC 27001 training courses

Do you want to implement the ISO/IEC 27001 standard in your organisation, but aren't sure where to start? NBN helps you on your way!

To all ISO/IEC 27001 training courses

View the ISO 45001 training courses

Want to implement the ISO 45001 standard in your organisation, but not sure where to start? NBN helps you on your way!

To all ISO 45001 training courses

View the ISO/IEC 17025 training courses

Do you want to implement the ISO/IEC 17025 standard in your organisation, but aren't sure where to start? NBN helps you on your way!

To all ISO/IEC 17025 training courses

Collaborate on ISO/IEC 27001

Would you like to contribute to the future of the ISO/IEC 27001 standard and other standards related to information security?

Agoria acts as sector operator for the ISO/IEC JTC 1 / SC 27 standards committee and is the contact for anyone in Belgium who wants to contribute to these standardisation activities.

^{To the Agoria website}

Frequently asked questions about ISO/IEC 27001

How do I access the ISO/IEC 27001 standard?

Is ISO/IEC 27001 mandatory?

I want to take a training course on ISO/IEC 27001

What are the other standards within the ISO/IEC 27000 series and why are they of interest?

Although ISO/IEC 27001 is the only certifiable standard from the ISO/IEC 27000 series, we recommend that you combine it with other standards from this family. That way, you will know exactly how best to apply ISO/IEC 27001 and strengthen your information security management.

ISO/IEC 27002: this standard provides guidelines and best practices for implementing security controls and measures.

ISO/IEC 27005: this standard focuses specifically on information security risk management.

You'll also find the ISO/IEC 27001:2022 Handbook in our catalogue. This is a resource for SMEs who want to improve their information security management. It not only provides explanations and guidelines, but also practical tools to help implement an effective ISMS according to the latest standards.

On this page

Buy ISO/IEC 27001